import "crvpuppet"

define at3_security($webaddr="", $roleid="", $extrarules="") {
  if $AutoMode==true and $CloudCRV==true {
    #Need to get these vars
    #define $ethgreen $ethred $domasq $extrarules
  }
  
  if ( $AutoMode == false ) or ( $AutoMode==true and $CloudCRV==true ) {

    case $domasq {
      true:   {
        exec { setforwarding:
          path => "/usr/bin:/usr/sbin/:/bin:/sbin:/usr/local/bin:/usr/local/sbin",
      	  command => "sysctl -w net.ipv4.ip_forward=1",
        }
        exec { setsecurity:
          path => "/usr/bin:/usr/sbin/:/bin:/sbin:/usr/local/bin:/usr/local/sbin",
          command => "system-config-securitylevel-tui --selinux=permissive --enabled --trust=$ethgreen --masq=$ethgreen -q --port=ssh:tcp $extrarules",
          require => Exec["setforwarding"],
        }
      }
      
      false:  { 
        exec { setsecurity:
          path => "/usr/bin:/usr/sbin/:/bin:/sbin:/usr/local/bin:/usr/local/sbin",
          command => "system-config-securitylevel-tui --selinux=permissive --enabled --trust=$ethgreen-q $extrarules",
        }
      }
    }
  }
  
  if $AutoMode==true and $CloudCRV==true {
    #set_role_attr($webaddr,$roleid,"ProfileApplied","True")
  }
}

